The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
LHA is an archive file format. LHA is used by the Lhaca compression utility.
A stack buffer overflow vulnerability exists in the Lhaca program. This vulnerability occurs due to insuffiecient bounds checking. Note that there are reports that this vulnerability is being publicly exploited.
A remote, unauthenticated attacker may be able to execute arbitrary code, or create a denial-of-service condition.
Thanks to Lhaca, Symantec, and Vuln.sg for information that was used in this report.
This document was written by Ryan Giobbi.
|Date First Published:||2007-07-06|
|Date Last Updated:||2009-01-16 15:15 UTC|